SSL: add test and fix SSL_get_verify_mode

2021-01-21 14:20:27 -08:00
parent af3d842663
commit 7112a6dd78
2 changed files with 39 additions and 1 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -32074,6 +32074,43 @@ static void test_wolfSSL_RSA_meth(void)
 #endif
 }

+static void test_wolfSSL_verify_mode(void)
+{
+#if defined(OPENSSL_ALL)
+    WOLFSSL*     ssl;
+    WOLFSSL_CTX* ctx;
+
+    printf(testingFmt, "test_wolfSSL_verify()");
+    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+
+    AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
+    AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
+    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
+
+    AssertNotNull(ssl = SSL_new(ctx));
+    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
+    SSL_free(ssl);
+
+    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
+    AssertNotNull(ssl = SSL_new(ctx));
+    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
+    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
+    SSL_free(ssl);
+
+    wolfSSL_CTX_set_verify(ctx,
+                  WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
+    AssertNotNull(ssl = SSL_new(ctx));
+    AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
+    AssertIntEQ(SSL_get_verify_mode(ssl),
+                WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
+    SSL_free(ssl);
+
+    SSL_CTX_free(ctx);
+    printf(resultFmt, passed);
+#endif
+}
+
+
 static void test_wolfSSL_verify_depth(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
@ -40135,6 +40172,7 @@ void ApiTest(void)
    test_wolfSSL_RSA_DER();
    test_wolfSSL_RSA_get0_key();
    test_wolfSSL_RSA_meth();
+    test_wolfSSL_verify_mode();
    test_wolfSSL_verify_depth();
    test_wolfSSL_HMAC_CTX();
    test_wolfSSL_msg_callback();
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@ -173,7 +173,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;

 /* at the moment only returns ok */
 #define SSL_get_verify_result           wolfSSL_get_verify_result
-#define SSL_get_verify_mode             wolfSSL_SSL_get_verify_mode
+#define SSL_get_verify_mode             wolfSSL_get_verify_mode
 #define SSL_get_verify_depth            wolfSSL_get_verify_depth
 #define SSL_CTX_get_verify_mode         wolfSSL_CTX_get_verify_mode
 #define SSL_CTX_get_verify_depth        wolfSSL_CTX_get_verify_depth